Changes to CRM-16777

diff --git a/CRM/Admin/Form/ScheduleReminders.php b/CRM/Admin/Form/ScheduleReminders.php
index 721004ecb3f7222e6a32c5a5da86f905c369c785..a30ed5147846b70d7efd8f8622a6600a1b2ab401 100644 (file)
--- a/CRM/Admin/Form/ScheduleReminders.php
+++ b/CRM/Admin/Form/ScheduleReminders.php
@@ -62,6 +62,14 @@ class CRM_Admin_Form_ScheduleReminders extends CRM_Admin_Form {
     if (empty($this->_context) && !CRM_Core_Permission::check('administer CiviCRM')) {
       CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
     }
+    //CRM-16777: When user have ACLs 'edit' permission for specific event, do not give access to add, delete & updtae
+    //schedule reminder for other events.
+    else {
+      $this->_compId = CRM_Utils_Request::retrieve('compId', 'Integer', $this);
+      if (!CRM_Event_BAO_Event::checkPermission($this->_compId, CRM_Core_Permission::EDIT)) {
+        CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
+      }
+    }
 
     if ($this->_action & (CRM_Core_Action::DELETE)) {
       $reminderName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_ActionSchedule', $this->_id, 'title');